In this era of information technology you can do almost anything with a single click of the mouse, whether that is paying for online shopping or using an online service such as net banking, email or social networking. Have you ever imagined being attacked and losing everything in front of your eyes?
The Internet is a world of possibilities, but it can hurt you if you aren't careful with your information, because bad guys are always looking for a chance to hook you and get your personal information. I am going to show you one of the most popular methods, known as phishing, which hackers mostly use to obtain the passwords of your bank account and email account, your credit card details, etc.
Let's understand the word “Phishing”:
Have you ever received a threatening email from a known service provider saying that your account will be suspended unless you click the given link to prove that you are an active user, and the next day found that you could not log in to your account and had been “hacked”? This is a general example of phishing.
Technically, phishing is a technique for stealing your credentials or credit card details by presenting you with a malicious link hidden behind what looks like a legitimate hyperlink. Phishing can be carried out by sending phishing emails to your email address, by social engineering, or by a phishing phone call.
Let me make this simple. Suppose you receive an email that looks as if your bank sent it, asking you to change your online account password by clicking on the presented link. The presented link could be legitimate-looking text with the malicious link hidden underneath it, or a link that resembles the URL of your bank's website. Once you click the link, you are redirected to the malicious website, which shows you a log-in page resembling your bank's log-in page. Here you are phished: as soon as you enter your credentials, they are passed to the attacker, who can misuse the information and cause great harm to you.
As mentioned above, phishing can also be done with a single phone call, known as social engineering or a cold call. In this type of phishing attack, the victim receives a call from a person introducing himself as a bank representative and offering the victim a huge discount on shopping with the bank's credit card. After gaining the victim's confidence, he can ask the victim to open an email he has sent, which includes a link to a phishing shopping website that asks the victim to enter credit card details, thus putting the victim at high risk.
The big question: how do you recognize phishing emails and phone calls?
Identifying Phishing emails
There are easy ways to recognize phishing emails, although at first glance it is not easy, because the emails can contain graphics that appear legitimate, such as the company's logo, and can make you believe that the mail is from a trusted source. If the body of the message looks suspicious, for example asking you to change your password or provide personal information by following a given hyperlink, pay close attention to the links in the mail. Don't click on any such link; just hover your mouse over it, or right-click on it and select ‘copy link location’, to see the actual web address of the phishing site. Paste the link into a notepad and you'll see the phishing link, which could be a completely different address from the presented one or could contain garbled text.
Below is an example of a phishing email link:
e.g. https://www.paypal.com/confirm_registration.html could redirect you to the malicious URL http://www.paypel.com/confirm_registration.html. The links look similar, but if you pay attention, a single character in “paypal” has been changed.
If you somehow fail to detect the phishing link and click it, and it takes you to the log-in page of a bank's or shopping website, first check whether the website is secured with SSL. Every secure website's address starts with https, and the website must have a certificate issued by a trusted online certificate authority. You can verify the certificate by clicking on the lock sign at the bottom of the page or in the address bar (in modern browsers). View the certificate to find its common name; the common name is always the address of the website to which the certificate was issued, so it should match the site you meant to visit. Also make sure that the certificate is verified by a trusted certificate provider.
Below is the snapshot of a secure website
Identifying Phishing Phone calls
A reputable organization or bank never asks for your personal information or credit card details. So be wary if you receive such a phone call from an unidentified person claiming to be a representative of a bank or organization.
How to report Phishing?
If you receive a phishing email or visit a phishing website, you can report the attack.
Internet Explorer: While you are on a suspicious site, click the gear icon at the upper right-hand side of the browser window and then click Safety. Then click Report Unsafe Website.
E-mail: If you receive a suspicious email, simply forward the suspected phishing email to email@example.com.
Author Bio: Himanshu Rana is a techie and blogger who is editor and co-owner of http://gadzetgallery.com. As a techie he works as a Senior Server Engineer in a reputed organization. He loves to blog on gadgets, tech, and tips & tricks, and also actively participates in the MS TechNet Forums.